If you can open cmd or any interactive process under system context (psexec etc.) You have much bigger problem than worrying about service accounts.
In that case, separate account or system account wont really matter, because in case of a breach, the attacker is just changing the account they are interested in.
Solve your attack surface reduction first, then this question will become irrelevant.
I dont know if veeam currently supports gMSAs for running the services, but still, its just an account wih different icon![:)]( "Smile")
In that case, separate account or system account wont really matter, because in case of a breach, the attacker is just changing the account they are interested in.
Solve your attack surface reduction first, then this question will become irrelevant.
I dont know if veeam currently supports gMSAs for running the services, but still, its just an account wih different icon
Statistics: Posted by SnakeSK — Jun 27, 2024 11:14 pm
